IT Central Station is now PeerSpot: Here's why

BeyondTrust Privileged Remote Access Room for Improvement

PD
IT Specialist at a comms service provider with 11-50 employees

The integration client, backup solution, and SSO setup and provisioning could be improved. There isn't any documented or supported user provisioning currently, which slows down the processes of onboarding and assigning permissions. I would like to see this improved soon.

The Vault could use some attention, specifically in managing named administrative accounts. I have to assign permissions to my named admin account during sessions manually, but I think that should be the default. Admin account permissions could use some more automation and be adjusted to be more user-centric.

BeyondTrust could improve text-based auditing; it's not very readable. I can get the details through the jump client and other tools, but if I run a simple PowerShell command, the solution generates multiple lines for that specific session in the text audit, which doesn't make sense.

View full review »
Aaron Margerum - PeerSpot reviewer
Systems Engineer at NRC

I would love to have a web console and the ability to use the smart card with the web console to provide remote support. If you are on a computer that doesn't have the Bomgar console, you should be able to use the web console to provide support. That's the only thing right now. A web console is nice when you're jumping into a computer, but if you need to elevate the privileges, you currently can't do it with the smart card. If they could figure that out, that would be money.

One thing that's confusing is the way of setting up group policies and permissions. It is very complicated. There are a lot of small pieces to it. The way they have set everything up is weird. I'm sure there is a reason for that, but I feel it should be a lot easier to provide different permissions and things like that.

View full review »
Lance Jones - PeerSpot reviewer
Information Technology Operations Manager at a educational organization with 5,001-10,000 employees

Its management is through two different portals, and you can't get from one portal to the other. I have to literally open up another website and go into it a different way. There are no inner links between the two. They should interlink the actual virtual server and the appliance. In general, there should be one interface for management for admins.

View full review »
Buyer's Guide
BeyondTrust Privileged Remote Access
August 2022
Learn what your peers think about BeyondTrust Privileged Remote Access. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
622,645 professionals have used our research since 2012.
Chase Cole - PeerSpot reviewer
Sr. Systems Administrator at Rayburn Electric

It is too much of a fortress. It is difficult for us to report on compliance when I need to check for that device. For instance, I need to monitor what version that device is on, and it is quite complicated for us to do that. You can't connect to it traditionally and that is by design. While they have made some improvements in their API connectivity, it is just not quite what I would really like. It requires me to kind of apply some aftermarket steps in order to get what I need.

There is no connectivity to the appliance side. There is no API, and it is just difficult for me to capture what version the device is on without going in and doing screenshots. It is a little too secure in that regard, where they don't even trust their product owner. Since a lot of hacks come from the inside, they are probably doing what they need to do out of necessity. It is just that I have to work pretty hard to produce compliance data on the box.

You can usually API into something and get whatever you need. Or, you can have an SSH saying, "Do whatever you need. Just do a Git version command." There is none of that with BeyondTrust. However, this is the least of my concerns compared to whatever it grants us in freedom for all our security compliance requirements that it helps us meet.

View full review »
Temitope Popoola - PeerSpot reviewer
Specialist, Server Administration at IHS Towers

At the moment, I don't see any major problems with it. If anything, they can just change the look and feel of the login screen because it looks too simple to me. It does not have so much information. When you get to the login screen of the solution, you should have more information. We also have BeyondTrust Remote Support, and the login page looks similar to BeyondTrust Privilege Remote Access. I would love to see more rich information on the login screen or landing page so that rather than having a regular sign-in screen or page where you just provide a username and password and get into the solution, you should have more insight into what the solution does. I've mentioned this to them every time I have had an opportunity.

View full review »
SteveJenovai - PeerSpot reviewer
Sr Technical Product Manager (Sr. Consultant at Computronix) at Computronix

In terms of improvement, there are two things that come to mind. One is just in terms of the API interface, which needs some work. In terms of the ability to automate the creation of new accounts within it, it's still a bit laborious. The other piece that I would say I've been pushing for this whole period is simply to save a reason for access to the audit file as it's one of the requirements in NIST 800-53. It's been a pain working around that one, even though it's somewhat trivial.

View full review »
KL
Sr Cyber Security Manager at Honeywell International Inc.

We have been having some problems as of late.

One of our gaps or pain points is having multi-factor authentication at the endpoint and using the PRA password injection from BeyondTrust, which does not work in our environment. We can only have MFA at the login of BeyondTrust to check out the password. Therefore, we can't meet our security requirements of having it on the endpoint.

The solution's Vault seems to do what we need. It has some gaps when it is trying to process the password through multiple applications. If it fails, it doesn't notify us that it has failed. So, we only find that failure when we have an escalation or have to go back through to see what has happened, e.g., why the password didn't reset accurately. While it has some gaps, it works for the scenario that we need for the most part.

When we decided on this solution, it was extremely important to us that PRA was available in multiple formats, such as a physical and virtual appliance or as SaaS. Unfortunately, we can't use PRA because of our environment, which was disheartening. When we were sold the tool, they said that we could, but we can't because our environment is highly customized. We have so many use cases that it is not a feature that can be used across platforms for us.

We use PI and PRA together. If someone has checked out an account in PI, the session is open, and PI closed or checked back that account. Then, someone else checks out an account that is still active in a session, which causes multiple lockouts.

View full review »
Sean Rall - PeerSpot reviewer
Lead Developer at a legal firm with 11-50 employees

We use the solution’s Vault for service account management. It has gotten much better with the most recent update. It has been clunky but that has gotten a lot better. I would give it seven out of 10. There is definitely improvement that needs to be done on it over the long term, but I am very pleased with the progress so far.

I would like a better dark theme. The dark theme is still new but a little harsh on the eyes with the colors it shows

I would like better administrative tools for the Vault.

View full review »
Hahn Rolf - PeerSpot reviewer
CEO at MICRODYN AG

I cannot say that the solution is lacking any features. It has everything we need right now.

They could probably integrate a wizard or something like that to add a new use case. It could be something that makes it easier to add a new use case. That's something they could probably improve. I'm not sure about this, however, as the direction is anyway going more and more in the direction of automation. That said, for a beginner customer who is starting from scratch, probably a wizard would be a good feature to add.

The on-premises version is not as easy to set up as a cloud deployment,

View full review »
ES
It Manager

The solution is very flexible, which is a plus, but I would say the implementation requires someone with knowledge and experience, as it can be easy to get lost in all the details. The implementation process could be streamlined and simplified. Though the complexity of the solution provides greater flexibility, it requires a lot of time to understand it fully.

The UI is somewhat basic, so that could use some work. It's okay; apart from that, it's an aesthetics issue.

View full review »
JL
IAM Senior Solutions Architect at a tech services company with 1,001-5,000 employees

It would be very nice if it has an enterprise vault. Currently, it can interact with Password Safe, which is a separate solution and equivalent to Thycotic Secret Server. Instead of having Password Safe as a separate entity, they should combine it with BeyondTrust Privileged Remote Access. They have done it in some way, but it is not an enterprise tech solution.

View full review »
SH
Cybersecurity Architect at a tech vendor with 1-10 employees

I can't think of any specific improvements because the product is already so rich. 

View full review »
Buyer's Guide
BeyondTrust Privileged Remote Access
August 2022
Learn what your peers think about BeyondTrust Privileged Remote Access. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
622,645 professionals have used our research since 2012.